├── ADO10-description.md ├── ADO20-description.md ├── ADO30-description.md ├── ADO40-description.md ├── ADO50-description.md ├── CODE_OF_CONDUCT.md ├── LICENSE ├── LICENSE-CODE ├── README.md └── SECURITY.md /ADO10-description.md: -------------------------------------------------------------------------------- 1 | # [ADO10] Getting started with DevOps 2 | 3 | ### **Abstract:** 4 | As teams grow, finding ways to effectively work together is vital. Communication across teams is challenging. We need to enable discovery of conversations and related information. Source code, scripts, configuration files, deployment docs and other related content also need to be centralized and versioned. Finally, teams need tooling that not only works across multiple project types and languages, but also facilitates remote-first collaboration. 5 | 6 | ### **Long Description:** 7 | 8 | Tailwind Traders has been growing and the developer and operations teams have become larger and more specialized. With differing goals and incentives, the directions of the teams has diverged and become more adversarial. Some of the more senior team members recognized what was happening and are trying to bring the teams back together. 9 | 10 | The first step they are taking is to use shared tooling. By aligning the tools the teams are using, they create natural conversation and collaboration points. They use Teams as the hub for their work experience. They connect almost all other avenues of information into Teams – GitHub, documents, dashboards, OneNote, and more. 11 | 12 | The next step is getting everything into source control. From industry research, the team knows that one of the keys to improving their development and operational experience is the use of source control for all production artifacts. Source control isn’t just another development tool, it’s a communication tool that helps facilitate conversations. With all our code, configuration, scripts, and other versionable documents in a git repository we can use tags, commit IDs, branches, and other identifiers to know what versions of things are being used when and where. We develop a history of how things have changed and, via pull requests, can have conversations about the evolution of these artifacts. 13 | 14 | Finally, the team is transitioning everyone onto Visual Studio Code – with its strong support for Azure, GitHub, and every programming and scripting environment they work in – it was the logical choice. With GitHub and GitHub Codespaces, any team member from anywhere with almost any platform can be productive across their whole application portfolio. Visual Studio Live Share enables the remote team to collaborate almost as effectively as if they were sitting side by side and provides a great way for operations and development team members to "ride along" on tasks or while troubleshooting. 15 | 16 | ### **User problem:** 17 | 18 | How do I work effectively with my development and operations teams? 19 | 20 | 21 | ### **Attendee Takeaways:** 22 | * Make communication centralized and discoverable. 23 | * Everything that can be versioned goes in source control. 24 | * Pick tools that support your team’s workflow – including source control, remote collaboration, and language and project types. 25 | 26 | ### **Concepts:** 27 | * Source Control 28 | * Communication and Collaboration 29 | 30 | ### **Technology:** 31 | * Microsoft Teams 32 | * Visual Studio Code 33 | * GitHub Repos 34 | * GitHub Codespaces 35 | 36 | ### **Resources:** 37 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado10) 38 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado10) -------------------------------------------------------------------------------- /ADO20-description.md: -------------------------------------------------------------------------------- 1 | # [ADO20] Managing the Flow of Work 2 | 3 | 4 | ### **Abstract:** 5 | DevOps is all about continuously delivering value. Before we can even begin thinking about CI/CD, we need to make sure we do the right work. Sprint after sprint, iteration after iteration, we need to plan our work and manage our workflows. 6 | 7 | This includes planning and tracking all units of work for the project. With frequent small iterations, there is no time to waste. Careful planning needs to happen to ensure the correct work gets done for each iteration. With the compressed time frame for each iteration, team members must work and coordinate their activities. Thus cross (functional) team visibility of work becomes vital for that coordination and allocation of resources. Visibility also ensures problems or bottlenecks get surfaced and addressed quickly. 8 | 9 | Managing source control changes are also important. We need to be in a deployable state at the end of every sprint. The main branch should be protected, yet changes being introduced should not be overly hampered and slowed down by the process. Being able to iterate quickly and safely is vital. 10 | 11 | And finally, we need automation surrounding all our workflows to help enable everything as well as add consistency in what we do. 12 | 13 | ### **Long Description:** 14 | 15 | Tailwind Traders has fully committed to the cloud. They have also gone all in on the concepts of DevOps. They've even decided on their tooling stack. And here is where the rubber meets the road. Theory is great, but now it's time to actually implement the DevOps concepts with the tool chain selected. 16 | 17 | In order to continuously deliver value, Tailwind Traders knew they had to have many small and frequent iterations. To be successful in this type of model, they required real-time communication of capacity as well as full transparency of work remaining. They needed to have visual tools that captured every unit of work as well as the ability to track each of these units across their iterations. Based on these criteria, they wanted to implement their agile software development using Kanban with visual Kanban boards. Kanban brings some fantastic benefits. It is a flexible process focused on continuous delivery. Work is visualized on boards clearly showing stalled work, communicating work in progress to stakeholders, identifying improperly scoped work, and calling out expedited work. 18 | 19 | Next, they knew they wanted to move quickly from one iteration to the next with deployments at the end of each iteration. They didn't want the overhead and complexity of maintaining many long term branches so doing trunk-based development was vital. However, they also needed to protect the main branch, keeping main in a deployable state. To truly DevOps at speed, they needed to separate the deployment of code from the releasing of features. And slow-rolling releases of features to their end-users with controlled testing in production was also important. All of this would be implemented using feature flags. 20 | 21 | Finally, they needed automation in place to help enable everything. When issues get filed, notifications need to happen. If someone on the team updates issues, notifications need to happen. To keep quality up, all developer check-ins must go through a pull request. At which point builds should kick off, unit tests should run, and the Tailwind Traders app should be deployed into a staging environment, so not only is the code reviewed, but the application changes are reviewed too. To simplify the PR process, a link to the staging environment should be added as a PR comment. All of these things would be done through automation. 22 | 23 | After doing all of this, Tailwind Traders will be in a pretty good place. They would have adopted the DevOps mindset. They would have picked their tooling. They would have implemented the processes they need with the tooling they picked. The fundamentals of DevOps will now all be in place. 24 | 25 | ### **User problem:** 26 | 27 | Now that we are working together with shared tooling, how do we as a larger technical team manage our workflow? 28 | 29 | ### **Attendee Takeaways:** 30 | * Make work in progress visible with Azure boards. 31 | * Use trunk-based development to keep integration pain down and main ready to ship. 32 | * Automate your workflow to add consistency and remove drudgery. 33 | 34 | ### **Concepts:** 35 | * Communication and Collaboration 36 | * Source Control 37 | * CI 38 | 39 | ### **Technology:** 40 | * Microsoft Teams 41 | * GitHub Repos 42 | * Azure Boards 43 | * GitHub Actions 44 | * Visual Studio Code 45 | 46 | ### **Resources:** 47 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado20) 48 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado20) (demo at 13:11, 23:17 & 30:38) 49 | -------------------------------------------------------------------------------- /ADO30-description.md: -------------------------------------------------------------------------------- 1 | # [ADO30] Building in Security and Quality 2 | 3 | ### **Abstract:** 4 | Security and compliance are core concerns for organizations. Adopting DevOps practices and delivering software faster can increase those concerns. We can take steps to increase security and compliance as part of our DevOps lifecycle. 5 | 6 | ### **Long Description:** 7 | 8 | The Tailwind Traders technical team is settling in on their new tooling. Work is moving across their boards and filling them with a sense of accomplishment. Unfortunately, all is not well. There have been several instances where new releases were deployed on vulnerable container images or missing settings. The team’s leadership is also worried that since they are moving at a quicker pace, are they really reviewing their code as thoroughly as possible? Are they sacrificing code quality and defensive coding in the name of cycle time? 9 | 10 | To address these concerns, the team investigates what they can do. Their first step is turn on the security features inside of GitHub. Turning on dependency alerts and code scanning target two serious problems (outdated dependencies and common security practice violations in code) right at the repository level. 11 | 12 | Next, they look at their container registry. By subscribing to Azure Security Center, they can add container scanning to their Azure Container Registry. This helps them ensure that they are keeping current on all the dependencies in the container images. 13 | 14 | Finally, to improve their environment management, they use Azure Resource Manager templates to define their environment and Azure Policy to help ensure that Azure Security Center is enabled and other important environmental concerns are managed (like only allowing inbound HTTPS traffic). These policies and templates are defined in code, kept in source control, and deployed by command line automation or CI/CD. 15 | 16 | ### **User problem:** 17 | 18 | We can build and develop software more quickly, but misconfiguration and security issues are causing too many problems. 19 | 20 | ### **Attendee Takeaways:** 21 | * Shift security left by enabling security at the earliest possible point. 22 | * Keep your container images current and be aware hidden dangers in base images. 23 | * Use infrastructure as code and policy as code to provide consistency in environments. 24 | 25 | ### **Concepts:** 26 | * Security and Compliance 27 | * Communication and Collaboration 28 | * CI 29 | 30 | ### **Technology:** 31 | * GitHub Automated Pull Requests for Security Updates 32 | * GitHub Secret Scanning 33 | * GitHub Advanced Security 34 | * Azure Container Registry 35 | * Azure Security Center 36 | * Azure Policy 37 | * Azure Resource Manager Templates 38 | * Azure Kubernetes Service (LPK) 39 | 40 | ### **Resources:** 41 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado30) 42 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado30) -------------------------------------------------------------------------------- /ADO40-description.md: -------------------------------------------------------------------------------- 1 | # [ADO40] Delivering Change to the Cloud 2 | 3 | 4 | ### **Abstract:** 5 | The team at Tailwind Traders has a problem - they're still too dependent on manual processes and key individuals to bring their ideas to customers! While they have successfully implemented a raft of practices that result in trusted builds ready for deployment to the cloud, actually delivering the changes in an effective, trustworthy way is the next challenge. 6 | 7 | Tailwind Traders realises they need to automate their deployments, just as they automated their builds. It's important that they can deliver value quickly, but just as important they catch issues before they get to production with robust pipelines that can deploy to the variety of services their projects require. 8 | 9 | ### **Long Description:** 10 | 11 | Tailwind Traders has successfully implemented strategies and processes that ensure developers and operations are collaborating effectively. They've implemented continuous integration and are producing well-tested, trustworthy software, ready for deployment to the cloud. But getting that code into the cloud is their next challenge. 12 | 13 | The team knows they need to automate their deployments just as they automated their builds. And while a comprehensive test suite is important, they need to see running software before it hits production, and be sure they'll get the same result when it's time to go live. In short, they need to move from manual deployments to automated deployments, for all the moving parts of their software and all the cloud services they use. Reducing their dependence on virtual machine-based environments will increase their capacity to build more reliable systems. Automated environment creation and deployment will also allow them to create test environments that mirror production. 14 | 15 | There's a lot to do, but if they can get all this working, they'll have a trustworthy, value-focused, and hands-off delivery pipeline, allowing them to focus on building the best software they can. 16 | 17 | ### **User problem:** 18 | 19 | We can build and develop software quickly and securely, but how do we get it into Production safely and consistently? 20 | 21 | ### **Attendee Takeaways:** 22 | * Deployment automation enables repeatability. 23 | * ChatOps and similar patterns enable control and automation. 24 | * Keep secrets in as few places as possible. 25 | 26 | ### **Concepts:** 27 | * CI 28 | * CD/Release Management 29 | * Communication and Collaboration 30 | * Instrumentation 31 | 32 | ### **Technology:** 33 | * Azure Portal 34 | * GitHub Actions 35 | * Azure KeyVault 36 | * Microsoft Teams 37 | * Azure App Service / Azure Functions 38 | 39 | ### **Resources:** 40 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado40) 41 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado40) -------------------------------------------------------------------------------- /ADO50-description.md: -------------------------------------------------------------------------------- 1 | ## [ADO50] Operating Software in the Cloud 2 | 3 | 4 | ### **Abstract:** 5 | DevOps doesn't stop when you deploy. Incident response, identity management, and controlling access to production are all part of learning to run software well. 6 | 7 | ### **Long Description:** 8 | 9 | Tailwind Traders has come far in their DevOps journey. They are working as one unit between the development and operations teams – even as they continue to grow. Work in progress is visible across the technical team and decisions are made with more complete information based on the state of that work. Build and release are happening consistently and get better every time there is a problem. We are starting to see some cracks in this story now. One of the senior IT admins, one who provisioned much of the original environment in fact, has moved on to another opportunity. After cleaning up all Azure Active Directory-related artifacts from the former employee, things start to fail. And things are failing catastrophically across their stack. 10 | 11 | Emails go out and channels are notified, but there is not a specific person or group responsible for acting on those alerts. Because of the low-level nature of the failures (authentication failures), it is tough to figure out who is responsible for responding. 12 | 13 | The Tailwind Traders team begins to respond. They put together a small cross-functional team to begin responding to the outage and start to recover. But they don’t want this to happen again. One of the team members suggests defining a role of Designated Responsible Individual for each team. Teams can set up rotations for this role and that person would be responsible for responding to and starting any incident response. They don’t necessarily have to solve everything themselves, but they gather the initial information and can start to pull in additional help as needed. The decide to use the Shifts app in Microsoft Teams to create their DRI schedules. 14 | 15 | Their next course of action is to start removing areas where only individual team members have rights or ownership of infrastructure components or authenticate automation. They use Azure AD Service Principals and Managed Service Identities to provide authentication and access control for their Azure resources. For those services where they cannot use a managed identity or service principal, the team creates calendar reminders or re-occurring tasks to periodically validate/rotate the credentials associated 16 | 17 | Over time, the team finds and reduces the number of places the infrastructure and application depend on individual people. They refine and improve their DRI on-call process and improve their incident response practices. They move many of their regular tasks into Logic Apps and Azure Functions to allow them to execute under the service principals/managed identities and remove user access to production environments. 18 | 19 | ### **User problem:** 20 | 21 | How can we operate our software in the cloud more effectively at scale? 22 | 23 | ### **Attendee Takeaways:** 24 | * For incidents to be effectively managed, someone needs to be responsible for responding. 25 | * No magic people or machines! Reduce the dependence on individual user accounts or environments with service principals and managed identities. 26 | * Use automation to deliver change into the environment – remove manual steps. 27 | 28 | ### **Concepts:** 29 | * Security and Compliance 30 | * Communications and Collaboration 31 | * CD/Release Management 32 | 33 | ### **Technology:** 34 | * Azure AD (Service Principals and Managed Identities) 35 | * Microsoft Teams (Shifts) 36 | * Azure Monitor 37 | * Azure Logic Apps / Azure Functions 38 | 39 | ### **Resources:** 40 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado50) 41 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado50) -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Microsoft Open Source Code of Conduct 2 | 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 4 | 5 | Resources: 6 | 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Attribution 4.0 International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More_considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution 4.0 International Public License 58 | 59 | By exercising the Licensed Rights (defined below), You accept and agree 60 | to be bound by the terms and conditions of this Creative Commons 61 | Attribution 4.0 International Public License ("Public License"). To the 62 | extent this Public License may be interpreted as a contract, You are 63 | granted the Licensed Rights in consideration of Your acceptance of 64 | these terms and conditions, and the Licensor grants You such rights in 65 | consideration of benefits the Licensor receives from making the 66 | Licensed Material available under these terms and conditions. 67 | 68 | 69 | Section 1 -- Definitions. 70 | 71 | a. Adapted Material means material subject to Copyright and Similar 72 | Rights that is derived from or based upon the Licensed Material 73 | and in which the Licensed Material is translated, altered, 74 | arranged, transformed, or otherwise modified in a manner requiring 75 | permission under the Copyright and Similar Rights held by the 76 | Licensor. For purposes of this Public License, where the Licensed 77 | Material is a musical work, performance, or sound recording, 78 | Adapted Material is always produced where the Licensed Material is 79 | synched in timed relation with a moving image. 80 | 81 | b. Adapter's License means the license You apply to Your Copyright 82 | and Similar Rights in Your contributions to Adapted Material in 83 | accordance with the terms and conditions of this Public License. 84 | 85 | c. Copyright and Similar Rights means copyright and/or similar rights 86 | closely related to copyright including, without limitation, 87 | performance, broadcast, sound recording, and Sui Generis Database 88 | Rights, without regard to how the rights are labeled or 89 | categorized. For purposes of this Public License, the rights 90 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 91 | Rights. 92 | 93 | d. Effective Technological Measures means those measures that, in the 94 | absence of proper authority, may not be circumvented under laws 95 | fulfilling obligations under Article 11 of the WIPO Copyright 96 | Treaty adopted on December 20, 1996, and/or similar international 97 | agreements. 98 | 99 | e. Exceptions and Limitations means fair use, fair dealing, and/or 100 | any other exception or limitation to Copyright and Similar Rights 101 | that applies to Your use of the Licensed Material. 102 | 103 | f. Licensed Material means the artistic or literary work, database, 104 | or other material to which the Licensor applied this Public 105 | License. 106 | 107 | g. Licensed Rights means the rights granted to You subject to the 108 | terms and conditions of this Public License, which are limited to 109 | all Copyright and Similar Rights that apply to Your use of the 110 | Licensed Material and that the Licensor has authority to license. 111 | 112 | h. Licensor means the individual(s) or entity(ies) granting rights 113 | under this Public License. 114 | 115 | i. Share means to provide material to the public by any means or 116 | process that requires permission under the Licensed Rights, such 117 | as reproduction, public display, public performance, distribution, 118 | dissemination, communication, or importation, and to make material 119 | available to the public including in ways that members of the 120 | public may access the material from a place and at a time 121 | individually chosen by them. 122 | 123 | j. Sui Generis Database Rights means rights other than copyright 124 | resulting from Directive 96/9/EC of the European Parliament and of 125 | the Council of 11 March 1996 on the legal protection of databases, 126 | as amended and/or succeeded, as well as other essentially 127 | equivalent rights anywhere in the world. 128 | 129 | k. You means the individual or entity exercising the Licensed Rights 130 | under this Public License. Your has a corresponding meaning. 131 | 132 | 133 | Section 2 -- Scope. 134 | 135 | a. License grant. 136 | 137 | 1. Subject to the terms and conditions of this Public License, 138 | the Licensor hereby grants You a worldwide, royalty-free, 139 | non-sublicensable, non-exclusive, irrevocable license to 140 | exercise the Licensed Rights in the Licensed Material to: 141 | 142 | a. reproduce and Share the Licensed Material, in whole or 143 | in part; and 144 | 145 | b. produce, reproduce, and Share Adapted Material. 146 | 147 | 2. Exceptions and Limitations. For the avoidance of doubt, where 148 | Exceptions and Limitations apply to Your use, this Public 149 | License does not apply, and You do not need to comply with 150 | its terms and conditions. 151 | 152 | 3. Term. The term of this Public License is specified in Section 153 | 6(a). 154 | 155 | 4. Media and formats; technical modifications allowed. The 156 | Licensor authorizes You to exercise the Licensed Rights in 157 | all media and formats whether now known or hereafter created, 158 | and to make technical modifications necessary to do so. The 159 | Licensor waives and/or agrees not to assert any right or 160 | authority to forbid You from making technical modifications 161 | necessary to exercise the Licensed Rights, including 162 | technical modifications necessary to circumvent Effective 163 | Technological Measures. For purposes of this Public License, 164 | simply making modifications authorized by this Section 2(a) 165 | (4) never produces Adapted Material. 166 | 167 | 5. Downstream recipients. 168 | 169 | a. Offer from the Licensor -- Licensed Material. Every 170 | recipient of the Licensed Material automatically 171 | receives an offer from the Licensor to exercise the 172 | Licensed Rights under the terms and conditions of this 173 | Public License. 174 | 175 | b. No downstream restrictions. You may not offer or impose 176 | any additional or different terms or conditions on, or 177 | apply any Effective Technological Measures to, the 178 | Licensed Material if doing so restricts exercise of the 179 | Licensed Rights by any recipient of the Licensed 180 | Material. 181 | 182 | 6. No endorsement. Nothing in this Public License constitutes or 183 | may be construed as permission to assert or imply that You 184 | are, or that Your use of the Licensed Material is, connected 185 | with, or sponsored, endorsed, or granted official status by, 186 | the Licensor or others designated to receive attribution as 187 | provided in Section 3(a)(1)(A)(i). 188 | 189 | b. Other rights. 190 | 191 | 1. Moral rights, such as the right of integrity, are not 192 | licensed under this Public License, nor are publicity, 193 | privacy, and/or other similar personality rights; however, to 194 | the extent possible, the Licensor waives and/or agrees not to 195 | assert any such rights held by the Licensor to the limited 196 | extent necessary to allow You to exercise the Licensed 197 | Rights, but not otherwise. 198 | 199 | 2. Patent and trademark rights are not licensed under this 200 | Public License. 201 | 202 | 3. To the extent possible, the Licensor waives any right to 203 | collect royalties from You for the exercise of the Licensed 204 | Rights, whether directly or through a collecting society 205 | under any voluntary or waivable statutory or compulsory 206 | licensing scheme. In all other cases the Licensor expressly 207 | reserves any right to collect such royalties. 208 | 209 | 210 | Section 3 -- License Conditions. 211 | 212 | Your exercise of the Licensed Rights is expressly made subject to the 213 | following conditions. 214 | 215 | a. Attribution. 216 | 217 | 1. If You Share the Licensed Material (including in modified 218 | form), You must: 219 | 220 | a. retain the following if it is supplied by the Licensor 221 | with the Licensed Material: 222 | 223 | i. identification of the creator(s) of the Licensed 224 | Material and any others designated to receive 225 | attribution, in any reasonable manner requested by 226 | the Licensor (including by pseudonym if 227 | designated); 228 | 229 | ii. a copyright notice; 230 | 231 | iii. a notice that refers to this Public License; 232 | 233 | iv. a notice that refers to the disclaimer of 234 | warranties; 235 | 236 | v. a URI or hyperlink to the Licensed Material to the 237 | extent reasonably practicable; 238 | 239 | b. indicate if You modified the Licensed Material and 240 | retain an indication of any previous modifications; and 241 | 242 | c. indicate the Licensed Material is licensed under this 243 | Public License, and include the text of, or the URI or 244 | hyperlink to, this Public License. 245 | 246 | 2. You may satisfy the conditions in Section 3(a)(1) in any 247 | reasonable manner based on the medium, means, and context in 248 | which You Share the Licensed Material. For example, it may be 249 | reasonable to satisfy the conditions by providing a URI or 250 | hyperlink to a resource that includes the required 251 | information. 252 | 253 | 3. If requested by the Licensor, You must remove any of the 254 | information required by Section 3(a)(1)(A) to the extent 255 | reasonably practicable. 256 | 257 | 4. If You Share Adapted Material You produce, the Adapter's 258 | License You apply must not prevent recipients of the Adapted 259 | Material from complying with this Public License. 260 | 261 | 262 | Section 4 -- Sui Generis Database Rights. 263 | 264 | Where the Licensed Rights include Sui Generis Database Rights that 265 | apply to Your use of the Licensed Material: 266 | 267 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 268 | to extract, reuse, reproduce, and Share all or a substantial 269 | portion of the contents of the database; 270 | 271 | b. if You include all or a substantial portion of the database 272 | contents in a database in which You have Sui Generis Database 273 | Rights, then the database in which You have Sui Generis Database 274 | Rights (but not its individual contents) is Adapted Material; and 275 | 276 | c. You must comply with the conditions in Section 3(a) if You Share 277 | all or a substantial portion of the contents of the database. 278 | 279 | For the avoidance of doubt, this Section 4 supplements and does not 280 | replace Your obligations under this Public License where the Licensed 281 | Rights include other Copyright and Similar Rights. 282 | 283 | 284 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 285 | 286 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 287 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 288 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 289 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 290 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 291 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 292 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 293 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 294 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 295 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 296 | 297 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 298 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 299 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 300 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 301 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 302 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 303 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 304 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 305 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 306 | 307 | c. The disclaimer of warranties and limitation of liability provided 308 | above shall be interpreted in a manner that, to the extent 309 | possible, most closely approximates an absolute disclaimer and 310 | waiver of all liability. 311 | 312 | 313 | Section 6 -- Term and Termination. 314 | 315 | a. This Public License applies for the term of the Copyright and 316 | Similar Rights licensed here. However, if You fail to comply with 317 | this Public License, then Your rights under this Public License 318 | terminate automatically. 319 | 320 | b. Where Your right to use the Licensed Material has terminated under 321 | Section 6(a), it reinstates: 322 | 323 | 1. automatically as of the date the violation is cured, provided 324 | it is cured within 30 days of Your discovery of the 325 | violation; or 326 | 327 | 2. upon express reinstatement by the Licensor. 328 | 329 | For the avoidance of doubt, this Section 6(b) does not affect any 330 | right the Licensor may have to seek remedies for Your violations 331 | of this Public License. 332 | 333 | c. For the avoidance of doubt, the Licensor may also offer the 334 | Licensed Material under separate terms or conditions or stop 335 | distributing the Licensed Material at any time; however, doing so 336 | will not terminate this Public License. 337 | 338 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 339 | License. 340 | 341 | 342 | Section 7 -- Other Terms and Conditions. 343 | 344 | a. The Licensor shall not be bound by any additional or different 345 | terms or conditions communicated by You unless expressly agreed. 346 | 347 | b. Any arrangements, understandings, or agreements regarding the 348 | Licensed Material not stated herein are separate from and 349 | independent of the terms and conditions of this Public License. 350 | 351 | 352 | Section 8 -- Interpretation. 353 | 354 | a. For the avoidance of doubt, this Public License does not, and 355 | shall not be interpreted to, reduce, limit, restrict, or impose 356 | conditions on any use of the Licensed Material that could lawfully 357 | be made without permission under this Public License. 358 | 359 | b. To the extent possible, if any provision of this Public License is 360 | deemed unenforceable, it shall be automatically reformed to the 361 | minimum extent necessary to make it enforceable. If the provision 362 | cannot be reformed, it shall be severed from this Public License 363 | without affecting the enforceability of the remaining terms and 364 | conditions. 365 | 366 | c. No term or condition of this Public License will be waived and no 367 | failure to comply consented to unless expressly agreed to by the 368 | Licensor. 369 | 370 | d. Nothing in this Public License constitutes or may be interpreted 371 | as a limitation upon, or waiver of, any privileges and immunities 372 | that apply to the Licensor or You, including from the legal 373 | processes of any jurisdiction or authority. 374 | 375 | 376 | ======================================================================= 377 | 378 | Creative Commons is not a party to its public 379 | licenses. Notwithstanding, Creative Commons may elect to apply one of 380 | its public licenses to material it publishes and in those instances 381 | will be considered the “Licensor.” The text of the Creative Commons 382 | public licenses is dedicated to the public domain under the CC0 Public 383 | Domain Dedication. Except for the limited purpose of indicating that 384 | material is shared under a Creative Commons public license or as 385 | otherwise permitted by the Creative Commons policies published at 386 | creativecommons.org/policies, Creative Commons does not authorize the 387 | use of the trademark "Creative Commons" or any other trademark or logo 388 | of Creative Commons without its prior written consent including, 389 | without limitation, in connection with any unauthorized modifications 390 | to any of its public licenses or any other arrangements, 391 | understandings, or agreements concerning use of licensed material. For 392 | the avoidance of doubt, this paragraph does not form part of the 393 | public licenses. 394 | 395 | Creative Commons may be contacted at creativecommons.org. -------------------------------------------------------------------------------- /LICENSE-CODE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # DevOps with Github Learning Path 3 | 4 | ## Learning Path Description: 5 | Tailwind Traders loves building software and working in the cloud. Their team is growing and becoming more specialized. In this learning path, you’ll work along with the Tailwind development and operations teams as they figure out how to work better together using DevOps patterns and practices. 6 | 7 | ## Sessions: 8 | 9 | Listed below are 5 sessions and all resources associated with them so you can redeliver them in your technical community 10 | 11 | There are no demos, however video recordings of demos have been provided 12 | 13 | ## [ADO10] Getting started with DevOps 14 | 15 | ### **Full Details:** [ADO10-description.md](/ADO10-description.md) 16 | 17 | #### **Abstract:** 18 | As teams grow, finding ways to effectively work together is vital. Communication across teams is challenging. We need to enable discovery of conversations and related information. Source code, scripts, configuration files, deployment docs and other related content also need to be centralized and versioned. Finally, teams need tooling that not only works across multiple project types and languages, but also facilitates remote-first collaboration. 19 | 20 | #### **Attendee Takeaways:** 21 | * Make communication centralized and discoverable. 22 | * Everything that can be versioned goes in source control. 23 | * Pick tools that support your team’s workflow – including source control, remote collaboration, and language and project types. 24 | 25 | 26 | #### **Resources:** 27 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado10) 28 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado10) 29 | 30 | 31 | 32 | ## [ADO20] Managing the Flow of Work 33 | 34 | ### **Full Details:** [ADO20-description.md](/ADO20-description.md) 35 | 36 | 37 | #### **Abstract:** 38 | DevOps is all about continuously delivering value. Before we can even begin thinking about CI/CD, we need to make sure we do the right work. Sprint after sprint, iteration after iteration, we need to plan our work and manage our workflows. 39 | 40 | This includes planning and tracking all units of work for the project. With frequent small iterations, there is no time to waste. Careful planning needs to happen to ensure the correct work gets done for each iteration. With the compressed time frame for each iteration, team members must work and coordinate their activities. Thus cross (functional) team visibility of work becomes vital for that coordination and allocation of resources. Visibility also ensures problems or bottlenecks get surfaced and addressed quickly. 41 | 42 | Managing source control changes are also important. We need to be in a deployable state at the end of every sprint. The main branch should be protected, yet changes being introduced should not be overly hampered and slowed down by the process. Being able to iterate quickly and safely is vital. 43 | 44 | And Finally, we need automation surrounding all our workflows to help enable everything as well as add consistency in what we do. 45 | 46 | #### **Attendee Takeaways:** 47 | * Make work in progress visible with Azure boards. 48 | * Use trunk-based development to keep integration pain down and master ready to ship. 49 | * Automate your workflow to add consistency and remove drudgery. 50 | 51 | #### **Resources:** 52 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado20) 53 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado20) 54 | 55 | 56 | ## [ADO30] Building in Security and Quality 57 | 58 | ### **Full Details:** [ADO30-description.md](/ADO30-description.md) 59 | 60 | 61 | #### **Abstract:** 62 | Security and compliance are core concerns for organizations. Adopting DevOps practices and delivering software faster can increase those concerns. We can take steps to increase security and compliance as part of our DevOps lifecycle. 63 | 64 | #### **Attendee Takeaways:** 65 | * Shift security left by enabling security at the earliest possible point. 66 | * Keep your container images current and be aware hidden dangers in base images. 67 | * Use infrastructure as code and policy as code to provide consistency in environments. 68 | 69 | #### **Resources:** 70 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado30) 71 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado30) 72 | 73 | 74 | ## [ADO40] Delivering Change to the Cloud 75 | 76 | ### **Full Details:** [ADO40-description.md](/ADO40-description.md) 77 | 78 | 79 | #### **Abstract:** 80 | The team at Tailwind Traders has a problem - they're still too dependent on manual processes and key individuals to bring their ideas to customers! While they have successfully implemented a raft of practices that result in trusted builds ready for deployment to the cloud, actually delivering the changes in an effective, trustworthy way is the next challenge. 81 | 82 | Tailwind Traders realises they need to automate their deployments, just as they automated their builds. It's important that they can deliver value quickly, but just as important they catch issues before they get to production with robust pipelines that can deploy to the variety of services their projects require. 83 | 84 | #### **Attendee Takeaways:** 85 | * Deployment automation enables repeatability. 86 | * ChatOps and similar patterns enable control and automation. 87 | * Keep secrets in as few places as possible. 88 | 89 | #### **Resources:** 90 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado40) 91 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado40) 92 | 93 | 94 | ## [ADO50] Operating Software in the Cloud 95 | 96 | ### **Full Details:** [ADO50-description.md](/ADO50-description.md) 97 | 98 | 99 | #### **Abstract:** 100 | DevOps doesn't stop when you deploy. Incident response, identity management, and controlling access to production are all part of learning to run software well. 101 | 102 | #### **Attendee Takeaways:** 103 | * For incidents to be effectively managed, someone needs to be responsible for responding. 104 | * No magic people or machines! Reduce the dependence on individual user accounts or environments with service principals and managed identities. 105 | * Use automation to deliver change into the environment – remove manual steps. 106 | 107 | #### **Resources:** 108 | * [PowerPoint Resources and speaker notes](https://aka.ms/aaa/devops/slides/ado50) 109 | * [Link to 45 min version of the session as Train-the-Trainer resource](https://aka.ms/aaa/devops/video/ado50) 110 | 111 | 112 | 113 | 114 | # Contributing 115 | 116 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 117 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 118 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. 119 | 120 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide 121 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions 122 | provided by the bot. You will only need to do this once across all repos using our CLA. 123 | 124 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 125 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 126 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 127 | 128 | # Legal Notices 129 | 130 | Microsoft and any contributors grant you a license to the Microsoft documentation and other content 131 | in this repository under the [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/legalcode), 132 | see the [LICENSE](LICENSE) file, and grant you a license to any code in the repository under the [MIT License](https://opensource.org/licenses/MIT), see the 133 | [LICENSE-CODE](LICENSE-CODE) file. 134 | 135 | Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation 136 | may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. 137 | The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. 138 | Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653. 139 | 140 | Privacy information can be found at https://privacy.microsoft.com/en-us/ 141 | 142 | Microsoft and any contributors reserve all other rights, whether under their respective copyrights, patents, 143 | or trademarks, whether by implication, estoppel or otherwise. 144 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Security 4 | 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). 6 | 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below. 8 | 9 | ## Reporting Security Issues 10 | 11 | **Please do not report security vulnerabilities through public GitHub issues.** 12 | 13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report). 14 | 15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc). 16 | 17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 18 | 19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 20 | 21 | * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 22 | * Full paths of source file(s) related to the manifestation of the issue 23 | * The location of the affected source code (tag/branch/commit or direct URL) 24 | * Any special configuration required to reproduce the issue 25 | * Step-by-step instructions to reproduce the issue 26 | * Proof-of-concept or exploit code (if possible) 27 | * Impact of the issue, including how an attacker might exploit the issue 28 | 29 | This information will help us triage your report more quickly. 30 | 31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). 40 | 41 | --------------------------------------------------------------------------------